What is CVE-2019-5642?

CVE-2019-5642 is a low-severity vulnerability in Rapid7 Metasploit Pro, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 3.3/10. Published 2019-11-06.

How severe is CVE-2019-5642?

Low severity. CVSS v3 base score is 3.3 out of 10.

Vulnerability in Rapid7 Metasploit Pro

CVE-2019-5642

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of t…

EPSS: 0.001 (26.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Rapid7 Metasploit Pro — versions unspecified

Weakness classification (CWE)

CWE-732 — Incorrect Permission Assignment for Critical Resource

References

help.rapid7.com/metasploit/release-notes/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-5642?: CVE-2019-5642 is a low-severity vulnerability in Rapid7 Metasploit Pro, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 3.3/10. Published 2019-11-06.
How severe is CVE-2019-5642?: Low severity. CVSS v3 base score is 3.3 out of 10.